News

Sage, a leading accounting, payroll and payments software company, has announced that customer information was compromised using an internal login. It is the latest in a number of high-profile businesses in the UK to have suffered significant data breaches.

The company, which has more than six million small and medium-sized business customers, operates in 23 countries. However, the breach is said to have impacted only UK customers.

Sage is not the first large UK company to be hacked. TalkTalk also had a data breach, in which 157,000 TalkTalk customers had their personal information taken. As a direct result of the security breach, TalkTalk lost 101,000 customers and was hit with costs of millions.

What the two data breaches have in common is that both hacks occurred using internal login details. Whereas TalkTalk did not notify its customers of the breach straight away, Sage has not only notified the Information Commissioner’s Office, a legal requirement, but has also issued statements to the media and clients in a timely fashion.

Following the recent attack on Sage, Jon Geater, chief technology officer at Thales e-Security, suggests employee mistakes are one of the most significant threats to sensitive data, if not the most significant. He suggests that organisations should “implement employee training and invest in data analytics”. Furthermore, Geater states that organisations need to “adopt dedicated measures including data protection, encryption, and key management” which will help “protect critical data”.

Eduard Meelhuysen, vice president for Netskope, a cloud access security broker, agrees, stating: “Whether true human error, compromised account details, malicious insiders or a lack of awareness around IT rules and how to help protect the company’s data, the insider element needs to form part of the wider security strategy along with external threats.”